Long-tail claims for continuous or repeated injury may be covered under policies even if the express coverage periods have expired because of new theories of liability and the trend towards reviving dormant claims or redefining the discovery rule, such as for childhood sexual abuse.
​
Decades-old policies go missing because policyholders and insurers have ceased to exist, downsized, merged, relocated, or even experienced physical catastrophes.

Counsel for either the insured or insurer must understand what type of evidence is sufficient to prove or deny coverage, as well as the burdens of proof and which party has them.

Our panel will discuss why locating and evaluating coverage under old insurance policies has become a strategic imperative and the evidentiary requirements for proving or denying coverage when the terms of an insurance policy are missing.

We will review these and other crucial issues:

• Who has the burden of proof to establish or deny coverage?
• When should third-party policy location services be used?
• What happens when there is competing evidence about the scope of coverage in lost policies?
• Do special rules apply when dealing with lost excess policies?
• Can bad faith claims arise from reconstructing policies?

After the presentations, there will be a live question and answer session so we can answer your questions about these important issues directly. I hope you'll join us.

More information and registration here or call 1-800-926-7926  and ask for Reconstructing Coverage Under Missing Policies on 4/4/2023. Mention code: I81LC2-44PM2Y

In a recent decision, U.S. District Judge Allison Burroughs held that Harvard University (“Harvard”) failed to provide timely notice of a Civil Rights Act violation claim (“the Civil Rights Act claim”) to Zurich Insurance Company (“Zurich”) pursuant to the terms and conditions of the Zurich excess insurance policy.  The Zurich excess insurance policy was a claims-made-and-reported insurance policy that provided coverage for claims made during the policy period which were reported in writing to Zurich no later than 90 days after the expiration of the policy period.  Per the policy language, Harvard was required to give notice of the Civil Rights Act claim to Zurich by January 30, 2016.  Harvard did not provide notice of the Civil Rights Act claim until May 23, 2017.  In her opinion, Judge Burroughs, citing Massachusetts law, held that the unambiguous terms of an insurance policy must be strictly enforced and a policyholder’s failure to comply with the notice requirements of its claims-made insurance policy bars coverage.  While Harvard argued that Zurich was not prejudiced by the late notice, Judge Burrough’s rejected that argument and cited Gargano v. Liberty Int’l Underwriters, Inc., 572 F.3d 45, 51 ((1st Cir. 2009) which held that “[t]o require the insurer of a ‘claims made and reported policy to demonstrate prejudice from the insured’s failure to report a claim within the relevant policy period ‘would defeat the fundamental concept on which claims-made policies are premised. . . .”
    
In light of this decision, there are several practical steps a policyholder can take.

First, when a claim is received, the policyholders should review the notice provisions in its insurance policies.  When in doubt on what to do, policyholders should notice the entire tower (or towers) of coverage of the claim.  The notice language in umbrella and excess policies doesn’t necessarily follow the notice language in the underlying policies.  The notice language in the umbrella and excess policies may require notice as soon as the policyholder is aware of an occurrence, not just when the claim is likely to involve the umbrella or excess policy. 

Second, make sure that the notice provisions in the insurance policy are followed.  The insurance policy will contain language on where, when, and how notice is to be provided.  Follow the instructions in the insurance policy. In addition, when notice is sent to the insurance carriers (especially with a long-tail claim), draft the notice letter to include any and all known and unknown insurance policies issued by the insurance carrier. While many insurance carriers are now requiring notice of a new claim via email, policyholders should also send the notice letter by certified mail return receipt requested.  That way, the policyholder has the USPS green card signed by the insurance company evidencing that notice was received by the insurance carrier if the insurance carrier later claims it did not receive notice.  

Third, policyholders should work with their insurance broker to negotiate endorsements onto their insurance policies which protect the policyholder when noticing a claim.  For instance, there is an endorsement that prevents an insurance company from denying a claim if it has not been prejudiced.  The same endorsement protects the policyholder by limiting who within the company must give notice when there is knowledge of a claim.  That endorsement provides:

“You must see to it that we are notified as soon as practicable of an “occurrence”, offense, claim or “suit” after the Risk Manager or Risk Management Department or his/her designee becomes aware of such “occurrence”,offense, claim or “suit”. The failure in good faith to recognize that such “occurrence”, offense, claim or “suit” may involve this insurance shall not operate to prejudice your rights under this policy. To the extent possible, notice should include:

1. How, when and where the "occurrence" or offense took place;
2. The names and addresses of any injured persons and witnesses: and
3. The nature and locations of any injury or damage arising out of the "occurrence" or offense.

There is also an endorsement that can be negotiated that contains language that states “[i]n the event you fail to give us the required notice because the “occurrence” was inadvertently reported to another insurer, such failure will not invalidate this insurance. However, you agree to notify us of the “occurrence” as soon as practicable after you become aware of the failure.”  These are just a couple of the noticing of claim endorsements that should be discussed during the policyholder’s next renewal.
​
Bottom line - don’t make the mistake that Harvard did. It cost them $15 million in insurance coverage.  

The methods that are used to manage uncertainty are a product of the way we think about uncertainty and the way we think about uncertainty is influenced by our thinking about how events and circumstances (good or bad) occur.  Historically, the risk management profession has been focused on how things go wrong and how to deal with the financial consequences of things going wrong (usually through insurance).  This article examines the historical causes of this focus on failure.

Before getting to the historical reasons underpinning the “failure mindset,” let’s review the lessons from the previous section.  There, we traced the progression of humanity through several stages of evolution:  (i) hunter-gather; (ii) tribally organized communities; (iii) communities governed by rule by law; and (iv) communities governed by rule of law.  We used the term community broadly to encompass all types of organizations including political and business organizations.  Furthermore, we explained that the rule of law approach (which incepted in the 17th century) enables organizations to perpetuate themselves through a growth mindset fueled by the unleashing the full range of capabilities of each individual within the organization.  Lastly, we pointed out that the risk management profession could help the c-suite in this effort through the promotion and endorsement of decisions and behaviors that enlist people in the pursuit of noble causes worthy of their trust and dedication.  That, in turn, requires the risk management profession to become a place that helps business leaders learn how to lead with moral authority and how to generate respect and influence by trusting people with the truth.

Social scientists teach us that three major forces make a difference in whether organizations can become generative through widespread adoption of a growth mindset.  The first force is the amount of social capital in the organization, a term intended to capture the degree of trust within and between the various social networks that comprise an organization.  The second force is related to the first one – it looks at the quality and durability of the institutions within an organization.  Shared stories represent the third force.  For now, let’s focus on the shared stories and come back to social capital and institution building in the next section.

If there is one belief that underlies stories told by ancient and modern thinkers, philosophers, and social scientists, it is that humans are bad.  This belief helps explain why a rule by law approach has prevailed for centuries.  Such an approach is necessary if we believe that we live in a dog-eat-dog world in which only the fittest survive.  If humans are innately selfish and motivated primarily by self-interest, then it makes sense that we must devise authoritarian and hierarchical systems to hold our beastly natures in check.  The point is that the stories we tell ourselves about humanity influence the way society functions including the work of the risk management profession.  When we think the worst of people, it will skew how we approach and manage uncertainty.  

What is fascinating is that the people who tend to be most pessimistic about their fellow human beings are not the working class but the people who lead our organizations and who tend to be the most educated and affluent.  Why is negativity so deeply ingrained in the leadership class?  Part of it is evolution which designed humans to pay special attention to threats and part of is the stories we tell ourselves that make us fearful or angry.  Rutger Bregman, a Dutch historian, engaged in a study of historical events, scientific studies and philosophical argumentation for the purpose of helping us understand how leaders throughout history developed a tendency to believe stories that embraced a negative worldview.  

To illustrate this historical tendency, Bregman cites a modern example of how Hitler and Churchill were both influenced by the same book:  The Psychology of the Masses by the French author Gustave Le Bon.  Le Bon believed that in crises like war, the masses panic and gradually regress to their true nature, which is violent and selfish.  Le Bon’s ideas influenced Hitler to bomb London, hoping to induce panic and surrender, and the same ideas influenced Churchill and the British leadership to build emergency psychiatric wards.  To the surprise of Hitler, Churchill and the world, the psychiatric wards remained empty and the rates of substance abuse and suicide in Britain declined.  Of course, there was widespread grief and mourning, but the British people (much like the Ukrainians today) didn’t panic or surrender.  Instead, they became more altruistic and helped each other out far more they did under normal circumstances, so much so that after Germany’s defeat, many Londoners missed the increased camaraderie and solidarity they had enjoyed during wartime.

For students of risk management, Bregman’s study looks at two relevant questions – do humans tend toward good or evil and what is the influence of social systems and leadership?  As to the first question, Bregman explains that contrary to the stories passed down through the ages, human evolution isn’t about survival of the fittest, it’s about survival of the friendliest.  For example, anthropologists studying the hunter-gather phase have concluded that violence among groups of wandering hunter-gathers rarely occurred.  Instead, these groups worked together and learned from each other and those that excelled at collaboration achieved the highest rate of survival.  Nature favored the most cooperative (not the strongest or most selfish) so much so that human facial features became softer, rounder and friendlier.  In fact, in the animal kingdom, humans are unique for prominently showing the whites of their eyes, allowing others to see where our attention is directed, thereby enabling trust and cooperation among people.

Having determined that the Hobbesian worldview of human nature (humanity is not a matter of survival of fittest or the most evil and corrupt) is mistaken, Bregman turns to the second question which addresses the impact of civilization and social hierarchy.  Sedentary societies emerged about 10,000 years ago, leading to the concept of private property which, in turn, led to systems of inheritance and generational accumulation of wealth.  Accumulation of wealth, in turn, provided justification for hierarchical leadership and the means for protecting wealth and prestige, including the use of war.

Bregman doesn’t advocate that we return to hunter-gather communities in order to improve the way we manage uncertainty.  By any objective measure, the current world is a huge improvement over what came before.  For example, the murder rate of medieval Europe was more than 30 times than what it is today and wars between developed countries have all but vanished.  Even in the developing world, warfare is substantially declining.  Moreover, much of the world has unparalleled higher standards of living and modern conveniences that have dramatically reduced disease and significantly increased human life expectancy.  
​
Instead, Bregman challenges us, particularly those in positions of leadership, to develop a more accurate and realistic view of humanity that allows us to better manage uncertainty and improve our subjective standard of living.  Put differently, what can we do to lessen distrust and decrease the fraying of social bonds which impedes social learning that is critical to continued human progress?  We will address this question and the role of senior leadership in the next section.

The author of this guest essay is Todd Welch, Chief Executive Officer of Charter Partners.  Todd and his family started Charter Partners in 1991 to help business leaders and entrepreneurs with a new community-driven alternative to the rising costs and declining trust in the property/casualty marketplace.  By working with Charter Partners,  business leaders learn to control insurance costs , obtain better coverage, and improve their approach to safety, risk management, and insurance issues. 

Todd is known for promoting trust as a core principle to life, which led to the 2009 publication of his book entitled Trust:  How to Put It Back in Business.  Todd also collaborated with Vice Adm. John Grossenbacher, former commander of the U.S. Naval Submarine Forces and Paul O’Neill, former Secretary of the U.S. Treasury and Alcoa CEO, to found ZERO, a software platform designed to engage workers in promoting a safer work environment.

Thirty-plus years in business have taught us a lot.  How can we distill that knowledge for you? We call it Seven Steps to Creating a Community Insurance Company. In this and future columns, we want to share the values we hold dear, the technical details needed to achieve successful results, and the consistent tasks necessary to maintain a functioning Community Captive Insurance Company.  Whatever path led you here, I am happy you arrived. Together, we can change the insurance industry’s future for the better.

I’ll share what we’ve learned about Community Risk Management through real-world stories. Complementing these stories are related data and other resources to give you as clear a picture as possible.
Community Risk Management starts with a decision to adopt new thinking everyone in your network can use to improve the speed, quantity, and quality of the business. This includes employees, suppliers, customers, advisors, and believe it or not . . . even competitors.

So, let’s dig into the first step – understanding insurance!

A brief history of insurance.
The year is 1668. The place is Tower Street, London, at the Lloyd’s Café. The news of another ship lost at sea is the main topic of discussion. The ship owners know a loss like this could happen to any of them. Knowing and trusting each other, a small group of ship owners decide that they should band together to share the risk of such a loss in the future. They took a piece of paper and wrote down the details of the next voyage, including the ship’s name, captain, route, expected travel time, and value of the cargo. Underneath the description, they signed their names and notated a percentage of the risk each of them were taking. Each person would receive a portion of the revenue from the owner for taking the risk. They called the signers “underwriters.” This shared risk-taking was the birth of the insurance industry.

This risk model caught on and eventually became what we now know today as Lloyds of London, one of the largest and most sophisticated insurance systems in the world.  Looking back, there is no way we could've achieved the incredible benefits of the innovations over the last three and a half centuries without the ability to share risk. Everything from the invention of electricity and airplanes to pharmaceuticals and entertainment could not have been established without insurance. Today we can insure almost anything, even recover from massive natural disasters, because of the global risk-sharing network that has been created over the past few centuries.
​
However, there has been a downside to all the success. In the process, we have created massive financial institutions that have separated themselves from the local cafés long ago where underwriters and business owners got to know each other and learned to trust each other.  We  no longer enjoy these relationships and the way they induce positive peer pressure.  Any good business leader knows instinctively that collaborative peer pressure is essential to long-term success.  In the world of insurance, collaborative peer pressure is essential to ensuring that we prevent losses and that we manage them well after a loss has occurred.  

In short, the modern insurance company has become separated from local communities and society in general.   Even worse, in some insurance companies, it’s become a badge of honor to take advantage of policyholders when handling their insurance claims.  Moreover, at an individual level, lay people are unaware they're part of a community such as State Farm, Liberty Mutual, or MassMutual. These are all peer-owned insurance companies. Nobody seems to know that, and they act like independent financial organizations.

How do we fix this?  What we need is an entrepreneurial approach. We believe the Charter Partners System of Community Risk Management, along with a Captive Insurance program, can build a culture that will foster even more significant and prolific innovations. The future lies not with one genius in a garage but in connecting the garages into networks of trusted peers innovating together.

A crisis in insurance.

After 20 years in business, our family insurance agency, Bowers, Schumann and Welch (BS&W), developed an excellent reputation—our clients trusted us. We ranked as one of America’s top 100 brokers. Nearly three out of four small businesses, non-profits, and government organizations in our region were insured through our family business.
Scott Welch, my father, told a famous BS&W story over and over: In the early years of BS&W, a client came into the office to report an accident. His small truck was declared a total loss. There were only a few employees at the time, and Dad was documenting the claim for him. He realized a mistake was made in the original application resulting in the customer having no coverage for his truck.

He hadn’t faced this situation before and felt anxious. What should he do? He excused himself and had a private consultation with his senior partner, Leonard Schumann. After listening to Dad’s story, Leonard said, “Well, Scott, I’m not sure what we are going to do, but I am sure that it starts with telling him the truth.” This story came to exemplify the values of BS&W and continues with Charter Partners, and afterward, everyone knew what to do if they got into a similar situation.

Then, in March 1986, a crisis jeopardized everything he had worked so hard to create. The cover of Time read:  “Sorry, America, Your Insurance Has Been Cancelled.”    Our clients were in a financial crisis, and some blamed our family business.


What do you do in a crisis?

As the crisis picked up, public schools, one of our key business segments, were hit hard. This crisis caused insurance rates to increase many times the cost of previous years, or policies were unavailable at any price.

In school board meeting after school board meeting, I watched my father defend why the rates had increased so dramatically. The outcome of intense competition, high-interest rates, and overzealous investment between the insurance companies created the crisis. No one in our region, including Dad, had any control over these events. However, BS&W and the Welch family name continued to be in the newspaper, associated with unreasonable insurance rate increases. Public officials threatened to resign due to loss of liability coverage, and these increases caused budgets to be busted. The communities’ anger and frustration boiled over.

Just when most people would run for the hills, Dad did the unexpected: he invited every frustrated public authority to a joint conference at our office. On the surface, you might think him crazy.  There was some real tension in the room as the meeting convened. I watched as Dad facilitated a discussion that encouraged everyone to vent their fears.  Dad gave the group tools to educate themselves about the facts, and begin to co-design a shared future.  Amazingly, he helped them move from crisis to creativity, discovering their answer along the way. In my view, he went from zero to hero; the experience left an indelible impression on me.

As the school boards and education leaders built their confidence in the facts surrounding their situation, they also built mutual trust. They could now determine their future, and they did exactly that. Fourteen public schools came together to form the Warren Hunterdon Insurance Pool (WHIP). WHIP became so successful that two adjoining counties in New Jersey, Morris, and Sussex, asked to join.

However, there were learning experiences along the way. For example, some schools “excused themselves” from participating. Later, we found choosing not to participate is an essential element of group formation. Some people and groups don’t fit the collaboration mold or current standards and politely leave. To our surprise, this consolidation made the core group even stronger.  We will talk more about the importance of group formation later.

Conclusion.
​
Insurance, in general, is a big, messy, complicated beast. At Charter Partners, we believe in getting the right people together, providing industry expertise and knowledge, and creating a sustainable community. We believe that with Community Risk Management and a Captive Insurance program, and simple, consistent systems, we can make a difference in your experience.
Here are the lessons learned from this first section:

1. Community Risk Management can restart the innovation engine.
2. Tell the truth.
3. You can turn adversity into an opportunity if you are willing to listen.

In the next newsletter, we will explore the second step – Identifying Champion Partners.

What is PFAS?

PFAS is the acronym for perfluoroalkyl and polyfluoroalkyl substances, a group of approximately 5,000 man-made chemicals.  Since the 1940s, many products commonly used by consumers and industry have been manufactured with or from PFAS including nonstick cookware, waterproof or stain resistant fabrics, and firefighting foam.  PFAS are persistent and resistant to environmental degradation.  They are everywhere.

People are exposed to PFAS from many different sources (food, water, consumer use, occupation exposure), increasing cumulative risk. According to US EPA, certain PFAS can accumulate in the human body for extended periods. Adverse health effects include: 

• Liver effects (e.g., higher cholesterol) 
• Immunological effects (e.g., decreased vaccination response, asthma) 
• Developmental effects (e.g., birth weight)
• Endocrine effects (e.g., thyroid disease)
• Reproductive effects (e.g., lower fertility)
• Cardiovascular effects (e.g., pregnancy induced hypertension)
• Cancer (e.g., testicular, kidney – documented PFOA only)  

Over the last several years, the environmental regulations for PFAS have changed. In 2016, the EPA issued Drinking Water Health Advisory for PFOA & PFOS only.  While it is non-enforceable, the standard set was 70 ppt for PFOS & PFOA ppt combined.  In March 2021, the EPA published a final determination to regulate PFOS & PFOA in drinking water.  It is now developing an enforceable National Primary Drinking Water Regulation and expects to issue a proposed regulation in Fall 2022 with a final Rule expected by Fall 2023.  In December 2021, the EPA finalized the Fifth Unregulated Contaminant Monitoring Rule (UMCR 5) to establish nationwide monitoring for 29 PFAS and lithium in drinking water.   

Under the Clean Water Act, the EPA is looking to restrict PFAS discharges from certain industrial sources through Effluent Limitations Guidelines (ELG) program.  The current industries of focus are organic chemicals, plastics, and synthetic fibers (proposed rule expected Summer 2023) and metal finishing and electroplating (proposed rule expected Summer 2024).  The EPA will continue studying other industries to understand current PFAS discharges including the National Pollutant Discharge Elimination System (“NPDES”) permitting to reduce PFAS discharges to waterways. 

While PFAS is not currently regulated under CERCLA, the EPA is working on a Proposed Rule designating PFAS as hazardous substances.  The Proposed Rule is expected Spring 2022 with the Final Rule expected in Summer 2023.  The Advanced Notice of Proposed Rulemaking to seek public comment on designating other PFAS as hazardous substances was issued in Spring 2022.  Its impacts include:

• Mandatory reporting of releases above reportable quantities
• Downstream effects on businesses that used PFAS in products 
• Downstream effects on businesses that own property where PFAS was used in the past 
• Re-opening of closed Superfund sites
• Cost recovery and contribution litigation 

Is there insurance coverage for PFAS?

If a company is faced with a PFAS claim, it should evaluate whether it has any insurance coverage to address the claim.  Issues to consider are: (1) Is this first-party loss or a third-party liability, or both? (2) Any number of policies could apply – environmental policies, property policies, CGL, D&O, etc.; (3) How far back does the claim reach?  (4) Oftentimes long-tail claims span multiple years; (5) Are predecessor’s policies relevant? and (6) Any additional insured coverage?  Most PFAS claims likely will involve general liability policies which provide insurance coverage for claims because of bodily injury and property damage to third parties.  Keep in mind that groundwater pollution is covered third party property damage because no one owns the groundwater.

Current insurance policies do not provide coverage for PFAS claims.  Historic policies, those issued before the broad form pollution exclusion was added, are key.  If a company does not know what its historic insurance program looked like, it may need to hire an insurance archaeologist firm, like SandRun Risk, to search for the historic policies and secondary evidence of polices to prove the existence and terms of coverage.  Places to look include, but are not limited to:

• Risk Management records
• Accounting records
• Business contracts
• Board meeting minutes
• Former employees
• Outside defense counsel
• Incident reports
• Broker(s) records
• Insurer(s) records
• Litigation files (internal and external)

The Policyholder carries the burden of establishing that: (1) it conducted a diligent search for the policies; (2) the policy was lost or destroyed; and (3) the loss or destruction was not the result of bad faith.  The Policyholder must prove the existence and material terms and conditions of the policy (policy period, type of coverage, named insured, limits).  After locating its historic insurance policies, the Company should place the insurance carriers on notice of the claim.  Any insurer with potential coverage should be sent a notice letter.  Many insurance policies require notice “as soon as practicable.”  Don’t delay.  Get the notice letter out as soon as possible, preferably before any costs are incurred.  If a company has a claims-made policy, don’t wait until the end of the claims-made policy period.  A company can supplement notice as needed.  The notice letter should incorporate all known and unknown policies as well as “all potentially applicable policies.”  If a company is an additional insured on a policy, don’t rely on the named insured to give notice.

Once notice is provided, the insurance carriers should acknowledge receipt of the claim.  Often, the insurance carrier says they need more information and begin requesting data.  A company should respond strategically.  If the insurance carrier sends a reservation of rights letter, Companies should respond to all reservation of right and denial letters and continue to preserve all rights to coverage. As companies work toward resolution of the claim with its insurance carriers, they should keep in mind any time considerations including: (1) whether there is a contractual limitation period; (2) where there are any statutory limitations for breach of contract, bad faith, vexatious refusal to pay.  These time considerations vary from jurisdiction to jurisdiction.  

While negotiating coverage, a company may consider entering into Confidentiality, Standstill and Tolling Agreements with its insurance carriers. The insured has the initial burden to prove that a claim falls within coverage. If met, the burden then shifts to the insurance company to prove that an exclusion applies to bar coverage. Common coverage issues that arise are:

• Pollution Exclusions 
• Known Loss Doctrine  
• What constitutes a “suit?”
• What law governs? 
• Whether there is an occurrence (“expected or intended”)
• How many occurrences are there? 
• Allocating damages

Conclusion

PFAS claims are likely to increase over the next several years.  If companies have a history of using PFAS in their operations, they should begin to look for their historic insurance policies now and not wait until a claim is made.  This avoids the delay of presenting notice of the claim to the insurance carrier and the carrier arguing that notice was late or that any costs incurred prior to notice are not recoverable.  

Tell us about your collaboration with Grant Purdy.  How do you two complement each other and how did your collaboration make for a better book (Deciding - A Guide to Even Better Decision-Making)?

Grant and I met in 2003 as nominees of national organizations on a joint Australian and New Zealand committee charged with conducting a routine five-yearly review of what at the time, was the only standard in the world on risk management (widely known as AS/NZS 4360). Grant was nominated by the Minerals Council of Australia (having been the Chief Risk Officer for the global mining giant BHP).  My nomination came from the New Zealand Society for Risk Management of which I was the founding chairman. 

Standards writing committees  are typically hot beds of debate and even more so when as in this case, the subject matter is more notional and abstract than real and concrete.  Initially, there were times when Grant and I didn’t agree but progressively we found ourselves on the same side of most arguments because of our affection for logic and reason. 

Subsequently, Grant became chairman of the committee (of about 25 members) and encouraged a culture of  “best idea should win”, or,   in other words, ‘”let’s all genuinely strive to make the best decisions we can, rather than just push our own ideas.”  While some members were at times uncomfortable with the resulting robust debate, I thoroughly enjoyed it as it allowed me to both test and refine my ideas. 

The revised standard – AS/NZS 4360:2004 – was soon being informally adopted by other countries (even translated, in some cases) with the result that the international organization for standardization (ISO) soon proposed the development of an international (ISO) standard on “risk management.”  It established a project group with representatives from numerous countries, using AS/NZS 4360 as a first draft. 

Grant and I were nominated to represent our respective countries and over the next few years, we flew thousands of miles to attend many lengthy five-day meetings. Outside those meetings, we spent hundreds of hours in drafting work and discussions with our own national “mirror” committees.  The resulting standard – ISO 31000 Risk management – Principles and guidelines – was published in late 2009. A couple of years later, the ISO project group was given a more permanent status and charged with commencing a routine five-year review of ISO 31000. 

Following publication, ISO 31000 was quickly adopted by many countries including our own and our joint Australian/New Zealand committee began work on companion standards and guidance handbooks which while completely consistent with the international standard, expanded on the guidance in relation to particular sectors (for example ‘Managing risk in sport and recreation organisations’), particular types of uncertainty (e.g. ‘Managing environment-related risk’) or particular techniques (e.g. ‘Risk financing guidelines’ - which I earlier discussed in Part II of our interview).

However, along this journey, both Grant and I (and a few members of the ISO committee from other nations) became increasingly aware that the rather elastic notion of  “risk management” was deeply flawed, impractical and a hindrance to organizations seeking to make decisions to advance their purpose.  The evidence for this came from both our own experiences in our day jobs working as advisers to many different types of organizations (Grant and I had very similar albeit entirely independent professional careers) and from independent surveys by global management consultancy firms which asked organizations about the extent to which they used and applied ISO 31000.

Despite the standard proclaiming itself to be relevant to all activities of every type of organization in the world and ISO boasting about its sales figures (ISO 31000 is one of their best sellers) the reality was different.  Only a tiny fraction of the world’s organizations knew of its existence. Of those that did, almost none really understood it or followed its advice despite, in many cases, building organizational edifices in the name of doing so and feeding a rapidly expanding consulting sector providing supporting advice. 

Although ISO 31000 had over 25 artificially defined terms, the “risk management” consultancy sector began inventing a bewildering array of new, albeit nonsense, “risk” – related jargon, enthusiastically promoting it as if it represented new validated knowledge. Small wonder that the global surveys of large companies consistently showed that of those saying they were involved in risk management or were using ISO 31000, few actually made decisions that way or thought that it helped them pursue their purpose.

For that reason, I advocated that the routine revision of ISO 31000 should proceed from first principles by first defining the problem that ostensibly it was trying to solve, with the drafting of a new standard responding to that defined problem. As I often would ask: “if risk management is the answer, what is the question?”

Unsurprisingly, this definitional approach, which initially was reluctantly agreed to, showed that the central challenge for every organization is simply to make sound decisions in the face of uncertainty. The resulting design specification for the revision therefore focused entirely on decision-making. 

But the world of standards-making has many vested interests, too many of which could see their fanciful world of “risk” and “risk management” disappearing and so, despite the revision task group gaining strong international support for drafting to be based on its carefully prepared design specification, the ISO committee ultimately blocked this approach. I could do no more so I resigned, joining Grant in the ranks of “ISO-refugees” who had also become frustrated by inept ISO administration and processes along the way. 

However, Grant and I felt that the thinking that had gone into developing the now abandoned design specification was too useful to waste. We decided to draw on our practical experience of having worked with many types of organizations and to write a jargon-free book to help individuals and organizations to make even better decisions. “Deciding” was the result.

Your book advocates that we dispense of words like opportunity and risk and focus instead on decision-making.  How do we go about this?  In other words, how do we help organizations adopt the ideas presented in your book?

We have no difficulty with the word “opportunity” as it has a clear, ordinary meaning. It refers to the existence or emergence of a set of circumstances which offers the possibility for an organization to advance its purpose. To do so, of course, the opportunity needs to be recognized and a decision made about whether and how to exploit it.  This is what happened with the emergence of ride-share operators (e.g., Uber, Lyft) who saw and exploited the opportunity created by the rise of the gig economy, advances in GPS navigation, mobile phone and bank payment technologies, increasing frustrations of travelers concerning the reliability of regular taxi services and concerns about driver and rider safety. 

So, our problem is not with the word opportunity but with a contemporary (consultant-driven) affection for pairing it with risk as in the wholly meaningless apparent dichotomy of risk and opportunity as if they were antonyms.  Not only are these words entirely unrelated (in Deciding we liken them to pairing bulldozers and cabbages in that it can be done but has no sense) but one,  the word “risk”, has the fatal flaw of having no accepted meaning – despite the prevalence of its use. 

“Risk” is used as a label for a surprisingly wide range of mainly conflicting and often muddled notions. This cannot be remedied by giving “risk” a formal meaning because whether in standards, statutes, the common law or in contracts, there are dozens of such formal meanings – each entirely arbitrary and, axiomatically, contradictory. Add to that are the everyday casual – but conflicting - uses (the TV weather person says ‘tomorrow, there is a risk of rain’ but he or she usually just means there is a “chance” of rain).

The ISO 31000 standard tried to specify a meaning which was so obscure that five (internally conflicting) explanatory notes were added to the definition even though the standard insisted that such explanatory notes were not to be treated as part of the definition!  Adding to the confusion, in amongst the 20,000 or so ISO standards, there are, apparently over 40 different ideas that are formally labelled with the word risk.  And that’s from an organization established for the purposes of standardization! 

It took Grant and I a while to realize that this multiplicity of contemporaneous, yet conflicting, meanings is not fixable. The genie is out of the bottle which is why we reject use of the word. Apart from it having no utility, its use has the unfortunate added effect of obstructing rational discussion. The same applies to all the confected expressions that incorporate the word risk whether as a noun (e.g., cyber risk) or adjective (e.g., risk management).  No one can manage a will-o’-wisp.

So how does a person who is accustomed to using the word risk deal with the problem. Our solution is to simply not use it. Rather like resolving not to use swear words in the presence of say, elderly grandparents, it is just a matter of training the brain to recognize the onset of the urge to use the word risk, pausing to think what is really meant, and then substituting other ordinary words according to the context.  Risk is such an adulterated word that it has no synonyms. A plus factor in discontinuing its use, is that the additional thinking to identify an alternative means of expression usually brings additional insight and clarity. 

You also ask the question as to how individuals and organizations can give effect to the rest of the guidance in our book. In fact, it involves a very simple two-step process – first read the book, and then, together with others involved, use it on the very next decision to be made. As the character Sam-I-Am says in Dr Seuss’s 1960 book as he urges another character  to reverse his dislike of green eggs and ham: “Try them! Try them! And you may”. 

Feedback we have received since the book was published is that the value of its simple, jargon-free practical tips are quickly apparent to those that “try them.”

Your book makes the point that everything begins with purpose.  Can you elaborate on this and how clarification of purpose improves decision making?​

We contend that every organization exists for a purpose. Otherwise, it would not have been established. The Purpose can therefore be thought of as the highest expression of its reason for existence. For statutory organizations created by governments, the purpose will usually be found in the empowering legislation.  For other organizations, it might be expressed formally in its foundational corporate documents or exist as an enduring shared understanding. 

By the way, we are always a bit wary of the assumption that the now popular ‘Mission Statement’ that many organizations (and their PR advisers) like to publish and boast about in the annual report necessarily expresses Purpose. It might, but also might not. What is distinctive about purpose is that it is a deeply held belief and typically very succinct.  The reality is that the mission of every organization, is its pursuit of purpose but if the purpose is not clear to all, the mission has no hope of success.

As to why awareness of purpose is fundamental to decision-making, we contend that there is only one way for an organization to advance its purpose and that is to make decisions that take advantage of opportunities as they arise. Opportunities, of course, only exist in relation to purpose. So, awareness of purpose is necessary for two reasons – to recognize opportunities, and to shape and test the decisions that are made to exploit the opportunities. 

In our book, we quote the wise words of Seneca the Younger (in the year AD65) to illustrate the critical importance of awareness of purpose…”If one does not know to which port one is sailing, no wind is favourable.”

Projects can be a great example of decision-making that is not rooted in purpose. The mantra of the project management sector is that a great project is one that is delivered on time, in specification and within budget. And yet far too many projects which have ticked all three boxes are proved to be a disaster because the decisions that launched and shaped them were not solidly anchored to the purpose. Sadly, for taxpayers, far too many government projects fall into this category.

Your book also recommends that we dispense with artificial tools such as risk registers which are commonplace today.  Drawing from your book, what should we be doing instead?

Starting with my earlier comments about the problems with the word risk, my first question about “risk registers” is to ask what exactly is being registered and my second question is for what reason?  My answer to both is “I have no idea!”  Given that that term “risk”’ has no consistent or valid meaning, then neither can the content of “risk registers” have any useful meaning.  

Furthermore, the entries for whatever is thought to be being registered, are created at a moment in time (albeit often in relation to earlier decisions) and thus are (at best) a product of the prevailing context at the time of creation. Whether or not noticed, aspects of context can change in an instant and may or may not be those prevailing when the decision was made. Hence, the (intended) value of the content of the registers either ceases or diminishes from the moment the compiler hits “Enter” because life is dynamic. Conducting reviews of the entries in these registers at arbitrary intervals to give the impression of currency does not solve the problem of supersedence.  Moreover, whatever is being “registered” (typically, derived from hypothetical scenarios) is, of course incomplete as the entries are at best a sampling. And yet that is not how those who champion these registers characterize them. 

The ultimate illustration of the uselessness of risk registers is that having been created, the information in them is almost never used by decision-makers. In most cases, the information is not even accessible to most decision-makers. 

As Grant and I have often been able to demonstrate, these registers are both a fiction and a burden. Not only does their generation absorb energy, time and money but doing so distracts from the real task of pursuing purpose by making sound decisions. Their existence gives rise to false confidence about the adequacy of decision-making.
Our simple advice is to just discontinue compilation of these registers and for reasons of security, delete all the (albeit aging) data contained in them.

As a distance runner, I know that getting better at anything takes time.  What advice do you have for organizations that want to start implementing the decision-making process in lieu of traditional activities such as updating a risk register?

We contend that everyone uses the same decision-making process which we describe in ‘Deciding’ (using plain words and no jargon)  Decisions have always been made this way because of the inherent logic of doing so. Nevertheless, not all decisions are successful.

The differentiators in terms of the success of the decisions are those that relate to (i) the awareness of the ‘Decider’ of how they are actually making their decision, and (ii) their proficiency in respect of the various elements of the process.  So, the challenge for an organization wanting to make even better decisions, is not to decide whether to adopt a new process but just to decide to become more aware of the process they are actually using and then getting better at it ….. our motivation for writing the book. 

For the reasons we have explained, whatever risk registers are, or are thought to be, they are not a method for decision-making nor do they assist decision-making. Dispensing with the word risk has the useful further benefit of dispensing with risk registers!  So, I don’t think there is any issue of having to choose or trade.  Simply put the creation of things called risk registers to one side and make no further reference to them. This does not even require a gradual or transformational process – just one push of the delete key will usually do it!

As you note, the more one does something and is conscious of doing so, the faster that improvement will occur – particularly where there are observable results capable of measurement or comparison. In this case, it is not a matter of doing something new, but just being more conscious of what is already being done and recognizing the opportunities for improvement. 

We’ve said in our book that we have written it for thinkers by which we are not referring to thinking in general, but rather to people who will think about what we have said (often illustrating it with an anecdote that might not be directly relevant to the world of the reader but which, with a little reflection will be recognized as having more universal application). 

The path for improvement is easy to navigate. Each of the chapters of our book relates to an element of the universal decision-making method and contains many practical examples and bullet-pointed practical steps. 
​
For example, because ultimately, nothing is absolutely certain, every decision is based on assumptions and hence assumptions are the subject of one of the chapters in the book. The Decider might or might not be aware of either the nature or the significance of the assumptions however it is a simple matter to become more conscious of these matters by routinely asking questions such as:

• Why do we think that information is valid/current/correct/complete?
• Does the decision rely for its success on it being implemented in the way that we intend?
• Why do we believe it will be implemented as intended?
• Are we relying on things remaining unchanged over the life of the decision?

Creating the habit of asking these types of questions soon improves decision-making practice. So too, can aides memoir.
​
One reader of Deciding reported the value of making an enlarged copy of the figure in the book (Figure 3) that illustrates the method by which all decisions are made and pinning it on the wall in the room in which a decision is being made. Another organization did as we suggest in the book and, after their managers had read it, gave them each a plasticized wallet-sized copy of the simple decision-making aide memoire which is to be found in the last of the book’s appendices. 

As your question and your own sporting experience suggests Mark, repetition and practice makes perfect. The journey begins with the first step - by starting.

“I was being recruited to be a family physician in a small southern-Illinois town.  As with most recruiting experiences, there was an evening meal at a local restaurant.  When I arrived, I was surprised with roughly 30 people waiting for me.  The recruiting hospital had invited community leaders - from politicians  to the owner of the local McDonald’s - to meet me.  Each person made it a point to engage me in conversation about the community.  Since then, when applicable, I have made it a point to also make it about the community rather than just the job.”- Michael Fessenden, Letter to the Editor, Wall Street Journal, April 21, 2022

Scholars have long debated whether there is a pattern to history.  Some thinkers maintain that history is cyclical or a random process in which events are mostly shaped by structural forces such as technology, social classes, geography and climate.  Others argue that actions by individuals matter more, regardless of whether such actions flow down from the top or up from the grass roots.  This “structure” versus “agency” debate matters to the future of the corporate risk management function.  As previously discussed, the current model of the corporate risk management function is a structural one in which the profession provides ancillary services (insurance procurement, claim management etc.) that are often not seen by the c-suite as vital to the success of the business.

How can the risk management profession change this mindset?  Change should start by looking at history generally and appreciating the role that the risk management profession can and should play in helping to build sustainable organizations that flourish.  To better understand history, we have studied the work of Francis Fukuyama, one of America’s leading academics and thinkers, who explains that humanity has progressed through four stages (See F. Fukuyama, The Long Arc of Human Progress, Wall Street Journal (April 29, 2022)).

The first stage was known as the era of the “hunter-gather” and it was characterized by a few dozen individuals living in small communities. When some of the hunter-gather communities began settling in fertile river estuaries, they developed agricultural technologies that increased their size from a few dozen to thousands of people.  This second stage became known as “segmentary lineages” or tribes, all claiming to originate from a common ancestor.

Approximately 8,000 years ago, humanity progressed from tribally organized communities to state-level societies.  Appearing first in China and eventually Europe, state-level societies grew enormously in scale, often encompassing millions of inhabitants.  A central organizing tenet to state-level of societies was the use of institutions that allowed a privileged few to rule by law in order to extract and accumulate wealth - natural resources, human labor etc.  This rule by law approach provided some level of short-term protection against negative risks but ultimately would fail through depletion and corruption.  In rule by law societies, most people never realized their human potential because they spent their entire life enriching someone else, somewhere else.

A fourth shift began in the 17th century in Western Europe and would spread to North America.  Known broadly as liberalism, this doctrine is founded on the ideas of human equality and the pursuit of knowledge through the scientific method.  This led to the creation of new social classes (those that own capital, a middle class that provides services, and a working class) and a shift in institutions away from rule by law to rule of law.  An impetus for the shift was the gradual realization that an increasingly complex society could not function well for the long term unless its institutions used the rule of law to protect overreach by any one social class, especially the elite.    

The rise of liberalism coincides with a shift from away from extraction-type thinking to a generative mindset which is more human-focused.  Generative organizations focus on unleashing the full range of capacities of each individual.  The logic is that just as your body needs all of its organs to be healthy, so too does an organization or society need all of its human capacities and institutions to perform at their highest level of functionality.  Accordingly, generative organizations and societies adopt a rule of law approach that promotes common-cause values such as a reverence for life, freedom, and fairness.  These shared values in turn make it easier for synergetic cooperation to occur which is the fuel needed for enduring systems to regenerate themselves over the long-term.

Herein lies the opportunity for the risk management profession.  The profession will rise in stature to the extent that it is viewed as increasing the potential and magnitude of good things happening - just as in the way the above-cited physician saw his work as building a healthy community and not simply as a provider of medical services.  

To understand what we mean, let’s go back to the example of the COVID-19 pandemic.  In November 2019, a report co-produced by the Johns Hopkins Center for Health Security was released as the first detailed assessment and benchmarking of 195 countries on their readiness to manage the risks of a pandemic.  The United States ranked first and scored the highest in four out of six areas:  prevention, detection, health system capacity, and compliance with international norms (Abbey EJ, Khalifa BAA, Oduwole MO, et al. The Global Health Security Index is not predictive of coronavirus pandemic responses among Organization for Economic Cooperation and Development countries. PLoS One. 2020;15(10):e0239398. Published 2020 Oct 7. doi:10.1371/journal.pone.0239398).  Despite this level of preparation, the United States has now surpassed more than one million deaths and it was unable to build societal consensus about the best way to minimize harm while developing a vaccine that would allow a return to normalcy.  

Our inability to achieve societal consensus is perhaps best illustrated by the fierce debate over governmental mandates for mask wearing.  For some, mask wearing became a symbol of solidarity and respect for others.  Others turned masks into a hated symbol of oppression.  In the end, the “mask wars” became a reminder of our limited capacity to change our behaviors and the limitations of managing risk by rule of law or what we call legal mandates. 

Perhaps the most controversial legal mandate was the federal requirement of mask wearing on transportation, including airplanes.  More than anything, this requirement exposed the limitations of the rule of law and the use of formal authority to impose mandates.  Mandates work best as carefully tailored requirements that are used sparingly especially when then are limited options to protect people.  The challenge is that every time you exercise formal authority - e.g., issuing a transportation mask mandate - you deplete it.  The opposite happens when you use moral authority - e.g., acting with humility, treating people with respect etc. - you strengthen it.  

Going forward in a world where power is increasingly shifting to individuals who can easily connect and combine their power exponentially for good or ills, the risk management profession has a rightful place in helping the c-suite act in a way that earns trust and enlists people in the pursuit of noble causes worthy of their dedication.  How do we make this happen?  Imagine that you are the family physician moving to a small town at the start of the pandemic.  How would you create a successful public health campaign?

Until a vaccine became available, the goal would be to protect those at high risk of severe infection while those with low risk would return to work to prevent undue harm to society caused by disruption and degradation of basic economic function (goods, services, supply chains etc.).  In the case of masks, this might mean urging the entire community to wear high quality masks (KN95 or N95) when indoors, especially around vulnerable populations, but not outdoors or in flight when people will need to eat or drink and when a plane’s air-filtration system is on.  Once vaccines became readily available, the physician’s message would change to help people get back to their life.

Life is about progress and progress means taking risk which is the gap between the state of certainty and an uncertain reality.  Managing that gap requires truth and trust; otherwise, we would remain in a state of perpetual fear about going to work, sending our children to school, or flying on an airplane.   The truth is that humanity has created a technological standard of living for many parts of the world that protects us in ways that we don’t realize.  Trust helps us decide what level of individual and collective risk we should be willing to assume in making decisions.  For those who have been fully vaccinated and boosted and are in good health, being around unmasked people is a sensible tradeoff unless there are compelling circumstances. After all, we don’t require properly trained people to wear helmets when driving cars or to wear life vests when swimming.
​
In closing, the future of the risk management profession is about helping organizations function like strong and healthy communities.  Accordingly, there are new roles and responsibilities for this profession in helping business leaders learn how to lead with moral authority and how to generate respect and influence by trusting people with the truth.  Think of how the beloved family physician does it every day in a small town.  We will continue with this topic in the next section. 

Please tell us about your involvement in the creation of a Handbook on Risk Financing (HB 141:2011). What motivated you to become involved with this project and in what ways do you think the handbook can be useful to organizations?

Before explaining the purpose and utility of this particular ‘handbook’ (HB) and the reason I became involved in its development, it may help to first provide a little background about the general nature of documents of this type and why this HB was developed jointly by two sovereign – albeit neighboring – countries.

General function of ‘Handbooks’

Rather like legislation, national ‘Standards’ are drafted using explicit language. They make clear what is recommended or required but do so concisely with minimal explanatory content. 

It is recognized, however, that while standards are prepared by ‘experts’ (or people assumed to be experts) the end-users of standards might not be experts. The practice emerged of also developing ‘companion’ documents (called ‘handbooks’) containing explanatory material, examples and case studies to assist understanding by a wider range of end-users of the related standard.

Such ‘handbooks’ typically have one of three general purposes:

• Provision of an expanded explanation of the standard.
• Explanation of how to apply the standard in a specific sector or in respect of specific issues (sometimes also explaining related jargon used in that sector).
• Additional explanation of a particular technique referenced in the standard. 

Why ‘joint’ standards and handbooks?

Although independent countries, the economies of Australia and New Zealand are closely linked both in terms of ownership, practice and, increasingly, regulation. (This is particularly evident across the financial services sector.)

In the late eighties, as part of an overall strategy for closer economic cooperation and efficiency, the governments of Australia and New Zealand signed a ‘joint standards agreement’ (JSA) with a view to reducing differences in standardized practices and products to minimize barriers to trade and enhance productivity generally.

The two countries had, for example, long used the same domestic electrical system (230v, 50 Hz) and the same distinctive 3 flat-pinned outlets making it easy for manufacturers of electrical goods to sell into both countries. The aim of the JSA was to extend such well-proven harmonization practices. 

Pursuant to the JSA, the national standards organizations of Australia and New Zealand would, wherever beneficial to do so, establish ‘joint’ committees to prepare standards with the resulting standard numbered in the form AS/NZS XXXX:Year. The same approach was taken with related HBs.

Publication timing, and specific purpose of HB 141:2011 

In 2009, within weeks of publication of the first international standard on risk management (ISO 31000) Australia and New Zealand jointly adopted it as their national standard and then commenced work on several companion HBs. These included the techniques of ‘communication and consultation’, managing environment-related risk, managing disruption-related risk, and managing risk in not-for-profit organizations and in sport and recreation organizations.
 
HB 141:2011, was developed to expand on and explain the technique of ‘risk financing’ which is mentioned in ISO 31000. It replaced a much earlier handbook about ‘insurance’ which was little more than an anthology of insurance jargon. 

The new handbook (and the expression ‘risk financing’) acknowledged that insurance is but one technique for making money available on a contingent basis if money could be needed following occurrence of a fortuitous adverse event
. 
Contingent funding mechanisms are a means of addressing uncertainty. By contrast, if it is either known or highly predictable (i.e., certain) that costs of either a particular type or quantum will be incurred, it will usually be more efficient to simply anticipate and budget for that amount.

As well as recognizing and explaining other contingent funding techniques, HB 141:2011 also addressed the important operational and financial interactions between:

• the overall purpose and ambitions of the organization and the characteristics of the contingencies being funded;
• the quantum of funds that might, therefore, be required;
• the actual and perceived likelihood of such funds being required (and the options for and costs of adjusting that likelihood and managing perceptions);
• the cost of various mixes of risk financing arrangements (of whatever types); and
• the required level of certainty that funds will be available when needed (which is why accepting a higher premium if offered by an insurer with a higher credit rating, might prove an excellent investment). 

It is rare that insurance is seen as the only means available for funding contingent events – especially those of a magnitude (cost) that is reasonably predictable and hence can be budgeted for, or so small that they can be directly expensed and absorbed as an operating cost should they occur.

At the other end of the scale, the assets of some organizations are sufficiently diverse and large that even in the face of occurrence of a major event, the strength of their balance sheet would allow them to raise funds on the capital markets to fund repair or recovery, just as they would for, say, a major expansion or acquisition.

Past experience of contingent events in both the organization itself and in the sector to which it belongs, while not a predictor of the future, nevertheless feeds into the perceptions of interested parties such as insurers. 

Hence,  to find the most economic mix of risk financing options, organizations usually benefit from investing in, two related activities:

• making technical or organizational changes that will influence the magnitude and likelihood of contingent events occurring, and 
• ensuring that interested parties (such as insurers) have high quality factual information made available to them. (There is an old saying that insurers will seek to fill the gaps in their knowledge with more premium!)

In summary, finding the most effective and efficient risk financing option requires balancing several areas of expenditure (including investment in quality advice) over and above the direct financing costs such as premiums. 

HB 141 was prepared in the knowledge that few organizations either seek or succeed in finding that balance with the main barriers being both conceptual and not having access to the full range of relevant technical knowledge. Because of the importance of reliable and efficient risk financing arrangements, such shortcomings can amount to a failure of governance.

I would often be surprised, for example, by the tendency of company executives or even directors to be very interested in the cost of the premium or the fees of broker or advisers, yet ask nothing about ‘the elephant in the room’; i.e., the financial solvency of the insurers and the likelihood that they would be willing and able to pay claims. It would remind me of the saying about ‘doing a great job on the micro detail while unwittingly heading towards the grand fallacy’. 

So, the major stimuli for developing HB 141 included:

• using plain language to help the different participants understand the parts of the ‘jigsaw puzzle’ and the options;
• explaining, conceptually, how the interactions between the ‘pieces’ could have a profound effect on total, long run cost; and
• providing a comprehensive list of (8) criteria by which organizations can assess and as necessary improve their current practices (these are set out in Chapter 3 of the handbook).

Although written in the context of risk financing practices in Australia and New Zealand, HB 141:2011 is substantially relevant in all jurisdictions and even includes a discussion of ‘takaful,’ a funding mechanism found in Islamic countries.

My involvement

I became involved in the development of HB 141 for two reasons. In Part I of this interview, I mentioned that I was a member of the ISO committee that wrote ISO 31000 and a member of the joint Australian/NZ committee that adopted it nationally. I also outlined in that interview the diversity of my somewhat unusual background including experience within the broad risk financing sector as an adviser to many different types of organizations. 

This experience meant I understood the considerations which, whether realized or not, underpin risk financing decisions; how these interact and how they can be optimized. These considerations include:

• estimating how much money might be needed on a contingent basis;
• estimating how likely it is that those arrangements might be called upon;
• finding efficient ways to modify the scale and likelihood of what could occur; and
• understanding how well any particular risk financing approach would respond in practice if called upon to produce money. 

Understanding these considerations is not a universal skill. Even sophisticated organizations often take risk financing decisions without a sound conceptual grasp of what they are doing or without consideration and careful evaluation of options and interfaces.

Furthermore, practitioners involved in various technical aspects of risk financing, while expert in their own field, are often limited in their ability to explain what they know to others without recourse to jargon. Few know how best to optimize the interface of their own expertise with that of others. 

Awareness of this reality helped the drafting team to match the content of HB 141 to its various audiences. Those audiences are described in its preface, but are usefully summarized as including risk financing buyers, sellers, and technicians … and also students.  

Awareness of the needs and aptitudes of the audiences also stimulated us to draft the HB using plain language, in a bid to bring about a common understanding. In this I was helped by many years of explaining often complex considerations to senior management and directors, risk financing practitioners, engineers and other operational staff and to decision-support personnel such as general counsel. 

One of our frustrations with commercial insurance is the idea that policyholders are transferring risk to an insurance company.  Why is this a myth and how should purchasers better think about the use of insurance?

These are excellent questions but let me answer the latter part first.

Role and function of insurance

Strangely enough, even in large organizations, insurance is often thought of as a commodity (albeit indispensable) with there being only a general sense of its purpose or the need it is intended to meet. It is purchased as an envisaged answer to a seldom well-defined problem, by people often oblivious to its limitations and without consideration or understanding of the availability or efficiency of alternatives.

As already mentioned, insurance is a contingent funding arrangement. Its distinctive characteristic is to spread the losses of the few over time and across the many who use this ‘risk financing’ arrangement.

The insurance purchaser envisages there could be circumstances in which money might be needed on the occurrence of fortuitous but foreseeable events and believes (or hopes) that the insurance arrangement will respond timeously and provide those funds in a way, and in an amount, that will meet that need. Whether it does, or not, or whether either insurance generally or any particular version is the best option, can be a different matter.

Of course, regardless of the funding mechanism, contingent funding alone might not be sufficient to restore the organization to its pre-event position. Events which also result in loss of reputation are such an example. Money might repair damage, but good reputations are typically harder to rebuild.

Inevitably, the more likely it is that such funding will be (or is) called upon and the likely quantum of such calls, will, ultimately, affect the cost. 

The success of any particular insurance arrangement will therefore depend on:

• adequate definition of the problem it is intended to solve (i.e., the reason contingent funding is needed; how much money will be needed; and when it will be needed by);
• whether the availability of sufficient money can fully solve the problem;
• exploration of the available funding options and their comparative costs and reliability; 
• whether expenditure on funding has been optimized with other expenditure that will favorably influence the cost of the insurance arrangement (for example, expenditure on preventative practices and/or provision of relevant information to insurers)

and whether, alone or in combination with other funding methods the insurance arrangement -

• is the most efficient, and 
• offers sufficient certainty that it will function as intended.

These considerations, while only briefly stated here, are utterly fundamental and yet seldom are considered explicitly from either a governance or senior management perspective. 

Interestingly, even though fundamental, asking such questions does not require detailed technical knowledge even though answering them might. However, failure to ask these questions of those responsible for insurance selection and purchase could amount to a serious breach of a fiduciary duty.

Why the notion of insurance being a means of ‘risk transfer’ is a myth

As my co-author Grant Purdy and I explain in our book Deciding, the word ‘risk’ is problematic, as it has an almost infinite number of meanings and usages. But let’s, for now, treat it as meaning, simply, ‘a problem.’  So, the question becomes, is it a ‘myth’ to see insurance as a means of an organization transferring a problem to an insurance company?

And without doubt, the answer is yes! It is a myth. Although some of ‘the problem’ might (this qualification is important) now rest with the insurer (in return for the premium) some will not, either intentionally (for example that part expressly excluded in the wording of the policy), but also unintentionally. Indeed, as I will explain, irrespective of the policy wording, ultimately none of the problem might have gone anywhere!

I think the underlying reason for this ‘transfer’ misunderstanding is that so often the discussions around insurance take place through a mix of technical insurance language and jargon, of which, since about the seventies, the expression ‘risk transfer’ has become a highly used, yet completely unhelpful example of the latter. 

I remember being on the ISO 31000 committee and arguing (successfully) for the replacement of the expression ‘transferring risk’ in the draft standard with ‘sharing’ risk. (Now, of course, I know that the word ‘risk’ is hopelessly compromised but I will park that discussion for the moment!)

Having gained a consensus to that change, one representative from a major first world country whose day job was providing insurance advice across the whole of its national public service angrily insisted that his objection to this change be noted in the minutes.  He said: “This would cut across everything I have been teaching for 30 years!” 

His problem, of course, was that he had mistaken jargon for knowledge and hadn’t thought about the realities of an insurance contract such as - 

• The insurance policy is merely a legal promise – whether it is later kept by the insurer can never be certain as illustrated by some of the great historical insurance company failures. Even though some jurisdictions specify minimum liquidity obligations for insurers, it can be seen from the evaluations of the rating agencies that there are considerable differences between the assessed financial strength of insurers. 
• Even with the most careful drafting, the actual effect of the words of the policy when applied to the facts and circumstances of a particular claim will only be known at the time of the claim and may either disappoint or at very least be contested with possible resolution only through expensive litigation and delay. 
• Most insurance policies have bottom and top dollar limits as to what they will pay – i.e., at the bottom, a ‘deductible’ amount that is to be funded by the insured, and, at the top, a maximum limit, beyond which the policy will not pay.  Clearly, the cost of losses outside those limits (which may not be properly understood anyway) remain with the insured party. Particularly for open-ended exposures, such as in liability (‘casualty’) insurance where there is likely no definitive limit to what can be sued for, or in business interruption insurance (which usually requires nomination of a finite period of interruption over which the policy will respond) there is considerable scope for errors of judgement. 
• Insurers often prefer to avoid finding themselves with the whole of the insured egg in their basket and so seek to share their exposure with other insurers via either re-insurance or co-insurance. Whether they are successful in doing so might only be discovered later when a claim is made.  While brokers can and sometimes do control which other insurers and reinsurers participate (and how the sharing is structured) ultimately multiple insurers mean multiple potential points of insolvency and thus inability to pay their share of claims. 
• Insurers and reinsurers can also have different attitudes and practices in settling claims. Some are expeditious, others are tardy, recognizing, no doubt, that the longer the funds to be paid out remain in their own account, the greater the opportunity to earn interest.  Tardiness and disputation are more likely if on becoming aware of the particulars of a claim, a reinsurer feels that their exposure was not properly explained to them at the time of being invited to participate. If reinsurance is arranged by the lead insurer (rather than by the insured or their broker) the insured might not know how their operations have been explained to the reinsurer – which is an argument for the insured or their adviser to control the reinsurance arrangements and flow of information to explain the nature of what is being insured. When there are complex claims, differences in the expertise of each of the insurers to understand and assess the claim can adversely affect progress of the claim.
• Although ‘loss adjusters’ (specialists who are engaged to determine liability and quantum of claims) are meant to act independently, the fact is that they are usually paid by the insurer which is why some insureds engage specialists of their own to verify and if necessary, challenge the judgements of the loss adjuster.
• As explained in Part 1 of this interview, insurance is arranged according to the doctrine of ‘utmost good faith’ (uberrimae fides) requiring honest disclosure of facts that are material to the decisions of the parties to enter into an insurance contract. 

Hence, concealment, dishonesty or even negligent error can invalidate the ‘risk financing’ arrangements, especially if such failings are material to the facts of a claim. (For example, a failure to reveal the presence of explosives in an insured property that was not (say) an explosives factory, could invalidate a claim for an event in which the explosives significantly contributed to the damage).

The foregoing considerations explain why organizations should both explicitly and intuitively recognize that they are, at best, ‘sharing’ the ‘risk’ with their insurer(s).  The same uncertainties, of course, apply to all forms of contract which seek to position liability, giving rise to the old expression ‘liability will lie where it falls’ (which might or might not be where intended!).

More generally, jargon is an obstacle that gets in the way of thinking clearly about risk financing. What key concepts or terms in risk financing, especially insurance purchasing, create the most confusion and what is a better way of thinking about such concepts or terms?

That’s an interesting question! 

The extent of confusion rather depends on which participants in the provision and purchase of risk finance we are referring to. It is also necessary to differentiate between technical language, including those expressions with established legal meanings (e.g., ‘hold covered’) and loose yet ultimately meaningless jargon (such as ‘self-insurance’).

Technical language and abbreviations such as policy, cover, premium, PD, BI, casualty, sum insured, rate, ‘on risk’ excess, deductible, aggregate deductible, exclusions, extensions, layering, proportional participation, manuscript wordings, indemnity period, indemnity value, replacement value, agreed value, insurer, co-insurer, reinsurer, slip, cover note, underwriter, finite risk contracts, lead underwriter etc. are very functional for those involved in negotiating and effecting risk financing arrangements, and seldom give rise to confusion. 

Indeed, in some insurance markets such as Lloyds of London, where only those who have formally demonstrated their mastery of Lloyds practices and conventions may operate, huge transactions are often completed by citing just brief labels or descriptors for standard clauses and conventions.   At Lloyds, the particulars of the required insurances, the terms and proposed premium rate are summarized on a brief ‘slip’. The broker will use this to first seek the participation of a respected ‘lead’ underwriter with an interest in the type of thing being insured. Such participation is typically effected by the simple expedient of the underwriter recording the percentage being taken and notating the offer with their stamp. The broker will then approach others, inviting them to ‘follow the lead’ to achieve 100% at which point there is in effect, a legally binding contract. Typically, the actual policy wording will not be issued for several weeks (or longer) after the insurance has commenced.

Similar arrangements often apply in more conventional insurance markets with first the issue of a signed ‘cover note’ by which the insurance is incepted (based on negotiations) followed sometime later (excessively ‘later’, in some cases) by the actual policy wording.

All of this recognizes that for the purposes of effecting insurance transactions, established word forms which to non-practitioners can have the appearance of jargon, are in fact a very efficient, precise and effective means of communicating.

However, technical vocabulary is generally unsuitable for explaining or discussing risk financing arrangements with non-practitioners such as the organization’s senior managers or boards. What is required is an awareness on the part of practitioners of the unsuitability of their technical language for discussion with non-practitioners and the adoption, instead, of plain language.  That is why increasingly, there is a move to plain language policy wordings. These were first seen in domestic type insurances such as those purchased by homeowners and motor vehicle owners, which are now written in the first and second person (e.g., ‘we’; ‘you’).

In relation to true ‘jargon’, I mentioned the expression ‘self-insurance’. However, if insurance involves ‘problem sharing’ (as per my earlier explanation), how can one ‘share’ a problem with oneself?  What is usually being referred to as ‘self-insurance’ is the practice of simply expensing (i.e., paying) any costs incurred when an event has occurred that is not funded by the insurance policy. This occurs when all or some of the costs are lower than the ‘deductible’ (uninsured) component of the policy.

Even so, there are various risk financing arrangements that draw on the financial strength of the organization itself (sometimes with external reinsurance support) but are too complex to discuss here. Funding reserves, finite risk contracts and establishment of so-called ‘captive’ insurance companies (owned by the insured or, in a large conglomerate, by its parent corporation) are some examples.

HB 141:2011 cites the 9/11 attacks on the World Trade Center as an illustration of some of the risk financing principles that you earlier outlined.  Please explain what you see as the lessons from that event.

This dreadful event was especially meaningful to me. 

It claimed the lives of 298 colleagues of the firm for which I worked at the time - including one close friend. Years earlier however, as a special guest of the New York Fire Department, I had inspected the structural damage caused by the 1993 bombing attack and been briefed on the NYFD’s emergency response. Together with my fire engineering background, I was therefore able to quickly surmise from the 9/11 TV coverage, the mechanism through which the tower collapses occurred. It all seemed very personal.

As cited in the HB 141Handbook, the report by the Milken Institute on the 9/11 attacks on the World Trade Centre suggested that the direct and indirect costs of the attack exceeded US$70B in dollars of the day. To this figure must be added the enormous ongoing costs of aviation security and the subsequent War on Terror. The insured property loss alone was resolved at US$4.55B, with the insurance market also absorbing substantial casualty and other forms of insured loss. These losses became consolidated in the world’s major re-insurance markets leading to a flight of capital from those markets and immediate, upwards pressure on pricing to re-establish lost capacity. This illustrates the cyclical nature of insurance-based risk financing. 

Other effects included:

• a requirement for improved understanding of the potential modes of failure of structures with a steel frame. Prior to the attack, the effects of a major fire fueled by vast volumes of aviation fuel and dislodgement of structural fire proofing due to aircraft impact do not seem to have been considered;
• much closer attention to what insurers call their ‘accumulation’ or, in other words, the total financial loss they could experience from multiple consequences of a single event;
• greater attention to policy wordings and the notion of an ‘occurrence’ and whether an attack in two waves each directed at a different yet commonly owned building was a single or multiple occurrence;
• greater urgency in issuing policy documentation following inception of the insurance program to reduce the potential (in the absence of such documentation) for different insurers to assert different interpretations of the wording on the slips in order to avoid litigation and other delays in settling claims; 
• improved communication during the settling of claims between insurers and their re-insurers.

More widely, of course, the WTC tragedy brought added focus to the importance placed on contingency planning to minimize disruption and expedite recovery as well as more stringent building codes, better fire department command and control practices and personal protective equipment, and great changes to aviation security. 

Here in the United States, insurance purchasing is often disconnected from the day-to-day activities that might fall under the umbrella of operations/enterprise risk management.  We will focus on your new book on decision making in the next section but can you offer a few suggestions for bridging this gap?

You’ll appreciate by now that I don’t see any sense or utility in organizations having an ill-named silo called ‘enterprise risk management’, even though this is not uncommon. Indeed, in our book Deciding we describe such approaches as a ‘millstone’, and something to be dispensed with by the organization as quickly as possible! It is therefore a little difficult for me to respond directly to your question. 

Nevertheless, in answer to the earlier questions, I have explained how ‘risk financing’ arrangements are inexorably linked to other activities and should, therefore be:

• designed and executed as part of a coordinated conceptual approach, 
• consistent with the organization’s purpose; and 
• overseen by its governance structures.

There are, therefore, two broad tasks:

1. determining the need for, and selecting the method of, risk financing, and
2. efficient and effective implementation of the selected and related strategies.

While HB 141 is aimed at broadening the understanding of all who are involved, these two broad tasks are distinctive. The first is strategic, which, given its direct connection with the survivability of the organization, is properly made at the highest level.  The second is more technical with numerous operational interfaces and invariably involving diverse technical skill sets.

This suggests to me that it makes little sense to assign the task of selecting the risk financing strategy to a standalone silo or department, or even to an existing department such as finance. The better approach is to use  a skilled, relatively independent ‘decision support’ type person, fully versed in the matters traversed by HB141, to oversee and drive the process by:

• developing an annual timetable (risk financing arrangements are typically arranged year on year);
• developing the strategy (in consultation with others including the CFO, CEO and board);
• assigning tasks (whether in-house or by external suppliers);
• facilitating and coordinating decision-making; and
• monitoring, reporting and verifying progress.

In large organizations, this person may need a small support staff, such as for the preparation of options papers, consultation with those dependent on or involved in related activity, and monitoring and reporting progress against the selected strategy.

NOTE
HB 141:2011 Risk Financing Guidelines can be purchased online.

“The legitimate object of government, is to do for a community of people, whatever they need to have done, but can not do, at all, or can not, so well do, for themselves - - - in their separate, and individual capacities.” - Abraham Lincoln, Fragment on Government, July 1, 1854

“When you see how hard it’s been for governments to get their citizens to just put on a mask in stores, or get vaccinated, to protect themselves, their neighbors and their grandparents from being harmed or killed by COVID-19, how in the world are we going to get big majorities to work together globally and make the lifestyle sacrifices needed to dampen the increasingly destructive effects of global warming - for which there are treatments but no vaccine? That’s magical thinking, and it demands a realistic response.” - Thomas Friedman, The Climate Summit Has Me Very Energized and Very Afraid, New York Times, November 9, 2021

Gifted thinkers from Abraham Lincoln to Thomas Friedman have long worried about the ability of humanity to manage uncertainty - to adapting and learning more, doing more of what works, and collaborating more.  Because whether it’s navigating through a once-in-a-century pandemic or addressing climate change before it’s too late, building better systems to manage uncertainty is the only route to a healthier and safer world.

One area of business that needs to adapt is the corporate risk management department.  As previously explained, corporate risk management departments are typically not seen as performing activities that relate to the core purpose of the organization.  This is true of other corporate functions such as IT departments.

Why is this?  Think about how these two departments came into being.  Historically, they were created as back-office or ancillary functions that made sure that the company had proper commercial insurance and that the company’s computers kept running.  The mindset was that these ancillary functions would partner with the rest of the business by delivering these support services.  Value was not measured on the basis of outputs or contributions to the success of the business.  Instead, performance was measured on the basis of inputs:  money spent on insurance premiums and computers and whether projects (the insurance program or computer system) came in on time and budget.

Let’s turn back to the pandemic to explain why the partner-engagement model isn’t strong enough to influence business outcomes.  At the time this article was written (December 2021), a new COVID-19 variant - Omicron - was sweeping the world.  Dr. Ashish Jha, one of America’s foremost public health experts tweeted on December 8, 2021 that your health risk depended on your membership in one of three groups:

• Group 1 - Immunologically naive: Unvaccinated and not recently infected who will get infected at exceedingly high rates.  Many will get sick and the degree of illness will likely be moderate to severe.
• Group 2 - Somewhat protected: People with 1-2 vaccine shots or a recent infection.  Large numbers of this group will experience breakthrough infections but severe illness, except for high risk individuals, should largely be preventable.
• Group 3 -  Highly protected:  People who are fully vaccinated and received booster shots or have hybrid immunity (infection + two shots).  Probably some limited breakthroughs but severe illness will be rare.

​Consequently, the Omicron variant will be a “big deal” if you are in Group 1 but you are likely to experience mild to no disease if you are in Group 3.  What’s interesting is that Dr. Jha’s use of three groups mirrors our earlier discussion of uncertainty and the importance of shifting our mindset away from the study of problems or deficits to the other half of the continuum which promotes the best of the human condition.  In other words, should we tie optimal health and well-being to eliminating deficit gaps that cause negative deviance or should we focus more on increasing the potential and magnitude of good things happening?  Look again at Kim Cameron’s map which corresponds to Dr. Jha’s groupings:

Source:  Kim Cameron, University of Michigan, 2003

Application of Cameron’s classification to Dr. Jha’s groupings means that the “Immunologically Naive” population will experience illness, the “Somewhat Protected” population will experience normal health, and the “Highly Protected” population will flourish.  The question for the United States and other countries will be how to increase the number of “Highly Protected” groups.  We think it will come down to the degree to which public health expertise can be better integrated within individual communities.  Without that integration, communities will continue to struggle with decision-making and developing a sense of shared ownership for public health.

The same principle holds true for the future of the corporate risk management community.  While some centralization will remain (e.g., everyone uses the same insurance program and claims process), risk management professionals need to embed within each department of the organization.  Otherwise, risk management professionals, like public health officials, will remain disconnected, from influencing outcomes.

The role of senior leadership is to ensure that the integration happens and that there is a consistency of practice across the organization.  Think of it as risk management serving as a common framework in that every business unit has the same canvas and paint but leaves it up to each individual business unit to decide what they paint and how (i.e., manage uncertainty).  The role of the risk management professional in this scenario is not to function as a supplier of services but to act as a valued contributor to ongoing operations and to the success of the business unit.
There are at least four key components that make up a model de-centralized risk management framework that should be scaled up within each business unit:

• Collaborative learning;
• Decision-making; 
• Process accountability and methods improvement.
• Effective communication

​These substantive skills are critical to managing uncertainty in a way that increases the potential and magnitude of good things happening (the positive side of uncertainty) and decreases the probability and severity of bad things happening (the negative side of uncertainty).  In future columns, we will explore how the traditional corporate risk management community can help their organizations become more proficient in each of these substantive areas.